Ready to Start Your Career?
January 1, 2016
Is An Associate's Degree In Cybersecurity A Viable Option?
January 1, 2016
Hello all, I'm currently a 19 year old who is studying at a community college, and my degree path is to earn an Associate's Degree of Applied Science in Cybersecurity. I'm also planning on earning certifications before I finish my Associate's, but still need to figure out which ones would look best on a resume for a security position, and am regularly using the classes on this website to reaffirm my knowledge from my college classes and get a head start on classes coming up in the fall. My professors and other faculty have assured me that given the nature of the industry right now and for the foreseeable future, an Associate's degree should be enough to get me an entry level cybersecurity position. However, I'm worried because all of my research into positions in the security world seem to request at least a Bachelor's degree. I'm hoping to hear good advice from professionals already in the industry who may be able to give me a more realistic idea of what I need to do in order to get my foot into the cybersecurity world. I know this was a bit of a long post, so thank you for reading through it all. Well, it sounds like you're off to a good start. I'd say what companies are looking for more than anything is experience. Pursuing college is great, and will help you cross those barriers where they want people with a degree to be considered for a position, but experience will trump education most of the time. What that means is if you are going for certifications as well, they can definitely help get you to where you want to be, as the right ones show that you not only have the education, but experience in those subjects (note: B.S. certifications that don't really show you have experience in a subject area don't help with this cause). If you want to pursue a certification, go for the Security+ to start with. It shows you know enough about the basics of security. Also, if you want to start networking, take a look at joining OWASP or your local ISSA chapter, and show up at the events. You'll learn some useful information, and the people that attend are mostly folks already in the cyber field, so you can pick their brains, and they usually know of security jobs that are available. It never hurts to start as soon as possible. Many of the best security professionals I know never went to college or went late. The fact is, with security, by the time either an exploitation or mitigation technique makes it into established academic cannon and is taught to students, it is probably already out of date. Bedrock principles never change, just make sure you understand them. (I have a graphic on my wall at work from a DoD white paper from the 1970s, and the security threats it details are still pretty much what I have to worry about today) I've interviewed a number of students pursuing Masters in Information Assurance and Security degrees for internships and entry-level positions. None of them could describe to me how the stack and the heap work, how asymmetric cryptography works, etc., except for two, who had B.S. degrees in Computer Engineering. I've been doing this work for a while now, and I'll say this: A degree may get you past the H.R. filter, as some certs might. However, once you get in front of the hiring manager and team members for the interview, they probably don't care where you got the knowledge and the skills as long as you have them, are honest when you don't know something, and show a willingness to learn and develop yourself so that you can be a valuable team member. Also, make sure you know the basics of networking, computer organization and design, etc. For instance, if you don't understand how TCP/IP works, the difference between ephemeral and well-known ports, etc., then you're not going to be qualified to deploy and tune an NBAD solution (as an example of a "senior"-level analyst I had to work with in the past), regardless of whether you learned how to do SQL injections in class. I hate to say this but your professors are blowing rainbow colored smoke right up your ass. Yes, there's a big demand for CS professionals out there but an entry level security professional is an experienced IT professional. I love the way @badfilemagic describes a degree as an HR filter, that's exactly what it is! If you follow any of my posts you'll know that the current movement by colleges to offer cyber security as an undergraduate degree program sickens me. It does nothing but give aspiring security professionals false hope that they can jump into the field with the knowledge they get from a four year (or 2 year in this case) institution, and in most cases (there are always exceptions) that's simply not the case. But (and here comes the good news), it's still not a bad degree to go with. On one hand there's a SLIGHT chance it will get you an entry level position (just a sliver over what other computer science disciplines would provide). On the other hand getting an entry level position in just about any other IT field, such as networking, sysad, etc will also look at your associates in CS in nearly the same regard as one in the related discipline. In other words, if you apply for a junior network engineer position with your CS degree you'll likely be just as competitive for that job as you would be with a AS in networking. Later on when you have some keyboard time under your belt, you have the necessary experience and certs to back it up (notice how I say certs back up experience and not the other way around) you'll have a degree that plays into your favor.